Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 507894 - net-misc/asterisk, net-misc/asterisk-core-sounds, net-misc/asterisk-extra-sounds, net-misc/asterisk-moh-opsound -- alternate permissions suggestion
Summary: net-misc/asterisk, net-misc/asterisk-core-sounds, net-misc/asterisk-extra-sou...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Jaco Kroon
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-17 10:34 UTC by Jaco Kroon
Modified: 2019-12-07 11:47 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
asterisk-11.11.0-ebuild-config-files-as-root.patch (asterisk-11.11.0-config-files-as-root.patch,909 bytes, patch)
2014-08-29 13:29 UTC, Jaco Kroon
Details | Diff
asterisk-core-sounds-1.4.22-ebuild-root-owned.patch (asterisk-core-sounds-1.4.22-ebuild-root-owned.patch,408 bytes, patch)
2014-08-29 13:38 UTC, Jaco Kroon
Details | Diff
astersik-extra-sounds-1.4.22-ebuild-root-owned.patch (asterisk-extra-sounds-1.4.22-ebuild-root-owned.patch,410 bytes, patch)
2014-08-29 14:26 UTC, Jaco Kroon
Details | Diff
asterisk-moh-opsound-3.02-ebuild-root-owned.patch (asterisk-moh-opsound-2.03-ebuild-root-owned.patch,398 bytes, patch)
2014-08-29 14:28 UTC, Jaco Kroon
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jaco Kroon 2014-04-17 10:34:33 UTC
Tony,

As you are aware I'm running multiple asterisk instances on the same physical, to prevent problems each instance is running as a different user.  I'd like to share files such as those under /var/lib/asterisk/{moh,sounds}.

These files are currently installed owned asterisk:asterisk, mode 660 for files, and 770 for directories.  I can't see that asterisk itself has any need to (normally) write to these locations.  I also install a /uls/ under each of those where both apache and asterisk has write access to enable user-uploads of sounds/recordings/moh and this works (going to need to tweak that process a bit now too).  However, for easier maintenance I'm utilizing symlinks to clone to core files from /var/lib/asterisk/* into /var/lib/asterisk.${instance}/ (full clone of folders, files are linked).

The "other" (non-core) instances are now having (due to them not running as asterisk:asterisk) unable to access those files.  Since asterisk shouldn't ordinarily need to write to these locations my suggestion is to install the files and folders under /var/lib/asterisk/{sounds,moh}/ as root:root with perms 755 for folders, and 644 for files.

A manual chown/chmod of the affected folders/files on one of my systems resolved the problem for us.

Reproducible: Always
Comment 1 Tony Vroon gentoo-dev 2014-04-17 11:37:26 UTC
If I could have this as a patch to the current ebuild, it will be in the next Asterisk release. Or, if urgent, on an -r1. Let me know.
Comment 2 Jaco Kroon 2014-08-29 13:29:14 UTC
Created attachment 383910 [details, diff]
asterisk-11.11.0-ebuild-config-files-as-root.patch

Hi Tony,

I forgot about this.  Similar arguments apply for the config files, bitten me three times now, so I came digging again.  Attaching a patch for asterisk itself so long, will cook patches for the other ebuilds mentioned in a second.
Comment 3 Jaco Kroon 2014-08-29 13:38:11 UTC
Created attachment 383912 [details, diff]
asterisk-core-sounds-1.4.22-ebuild-root-owned.patch
Comment 4 Jaco Kroon 2014-08-29 14:26:32 UTC
Created attachment 383914 [details, diff]
astersik-extra-sounds-1.4.22-ebuild-root-owned.patch
Comment 5 Jaco Kroon 2014-08-29 14:28:19 UTC
Created attachment 383916 [details, diff]
asterisk-moh-opsound-3.02-ebuild-root-owned.patch
Comment 6 Jaco Kroon 2014-08-29 14:31:46 UTC
That covers it.  Looks like the core asterisk build creates the sounds and moh folders as root anyway, so that's all good.  It's just the three ebuilds that installs into them incorrectly, and then the config files currently that's giving me problems.

No rush, next release inclusion would be adequate.
Comment 7 Tony Vroon gentoo-dev 2014-09-29 10:20:06 UTC
+*asterisk-11.13.0 (29 Sep 2014)
+
+  29 Sep 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.10.2.ebuild,
+  +asterisk-11.13.0.ebuild:
+  Additional resilience against invalid (ao2) object references. FORTIFY_SOURCE
+  fix now upstream. Modify permissions to suit a multi-daemon setup as per Jaco
+  Kroon in bug #507894.
Comment 8 Tony Vroon gentoo-dev 2014-09-29 10:54:37 UTC
+*asterisk-12.6.0 (29 Sep 2014)
+
+  29 Sep 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-12.6.0.ebuild:
+  Additional resilience against invalid (ao2) object references. Now supports
+  empty passwords for PJSIP userpass authentication. Masquerade fixes for T38
+  between PJSIP and non-PJSIP chanels. FORTIFY_SOURCE fix now upstream. Modify
+  permissions to suit a multi-daemon setup as per Jaco Kroon in bug #507894.
Comment 9 Tony Vroon gentoo-dev 2017-09-19 22:18:24 UTC
This was fixed a long time ago, but I never closed the bug.
Comment 10 Jaco Kroon 2018-02-05 16:26:35 UTC
Hi Tony,

Yes, the patch for asterisk 11.11.0 was applied (and may contain a bug):

 	# keep directories
-	diropts -m 0770 -o asterisk -g asterisk
-	keepdir	/etc/asterisk
+	diropts -m 0770 -o asterisk asterisk
 	keepdir /var/lib/asterisk
 	keepdir /var/spool/asterisk
 	keepdir /var/spool/asterisk/{system,tmp,meetme,monitor,dictate,voicemail}

We don't need the keepdir for /etc/asterisk (we install files into that folder so it's fine), and I suspect the same applies to /var/spool/asterisk (asterisk doesn't need to write to /var/spool/asterisk itself that I'm aware of) and /var/lib/asterisk (It needs write here for astdb - which I typically move into /var/lib/asterisk/astdb which resides on ramdisk).

However, you'll note I dropped the -g on the diropts there by accident.

The patches for asterisk-core-sounds, asterisk-extra-sounds and asterisk-moh-opsound has not been applied, and these have bitten me again recently.

I'm thus re-opening here, you're welcome to indicate WONTFIX and I'll find another way (chown + chmod from another config script), but I'd prefer if we can fix this here.
Comment 11 Tony Vroon gentoo-dev 2018-02-07 09:52:46 UTC
(In reply to Jaco Kroon from comment #10)
> We don't need the keepdir for /etc/asterisk (we install files into that
> folder so it's fine)

Even with USE="-samples"?

> I suspect the same applies to /var/spool/asterisk

I have had grave voicemail setup issues without it.

> However, you'll note I dropped the -g on the diropts there by accident.

Can you obsolete the ebuild patch and do a new one that is guaranteed to apply?

> The patches for asterisk-core-sounds, asterisk-extra-sounds and
> asterisk-moh-opsound has not been applied, and these have bitten me again
> recently.

As long as they still apply I will pick them up for this bug.
Comment 12 Jaco Kroon 2019-12-07 11:47:52 UTC
Newest ebuilds contains these fixes.